Zarafa with official SSL certificates
From Zarafa wiki
(Created page with "Getting Zarafa to run with your official SSL certificates is quite simple. This document will explain you how to get your Zarafa running with your official SSL certificates. E....") |
Ddebyttere (Talk | contribs) m (updated some minor stuff) |
||
| Line 6: | Line 6: | ||
= Apache = | = Apache = | ||
| - | When you buy your certificate (in our example a * | + | When you buy your certificate (in our example a * certificate) you will get the folowing files: |
* SSL Certificate File: In our example star_domain_com.crt | * SSL Certificate File: In our example star_domain_com.crt | ||
* SSL Certificate Key File: In our example star_domain_com.key | * SSL Certificate Key File: In our example star_domain_com.key | ||
| Line 14: | Line 14: | ||
<pre> | <pre> | ||
SSLCertificateFile /path/to/star_domain_com.crt | SSLCertificateFile /path/to/star_domain_com.crt | ||
| - | |||
SSLCertificateKeyFile /path/to/star_domain_com.key | SSLCertificateKeyFile /path/to/star_domain_com.key | ||
| - | |||
SSLCertificateChainFile /path/to/ca.crt | SSLCertificateChainFile /path/to/ca.crt | ||
</pre> | </pre> | ||
| Line 32: | Line 30: | ||
First we need to create a pem file: | First we need to create a pem file: | ||
<pre> | <pre> | ||
| - | cat /path/to/star_domain_com.key | + | cat /path/to/star_domain_com.key /path/to/star_domain_com.crt > /path/to/star_domain_com.pem |
| - | + | ||
</pre> | </pre> | ||
Latest revision as of 18:19, 22 February 2012
Getting Zarafa to run with your official SSL certificates is quite simple. This document will explain you how to get your Zarafa running with your official SSL certificates.
E.g.: You have bought an official * certificate for your domain, and you have that already configured for your apache webserver, and now you want to use that * certificate also for your zarafa setup. This document will explain you how to do that, and will use the apache config as an instrument to help explain this.
Apache
When you buy your certificate (in our example a * certificate) you will get the folowing files:
- SSL Certificate File: In our example star_domain_com.crt
- SSL Certificate Key File: In our example star_domain_com.key
- Certificate Authority: in our example ca.crt
Your apache ssl config will look something like this:
SSLCertificateFile /path/to/star_domain_com.crt SSLCertificateKeyFile /path/to/star_domain_com.key SSLCertificateChainFile /path/to/ca.crt
Note: The Certificate Authority can also be added to your ca-bundle. Then you need to change the apache config "SSLCertificateChainFile" to your ca-bundle.
In this case we assume that your apache SSL works correctly without any SSL popups.
Zarafa
Now we will use those same SSL files for zarafa-server.
First we need to create a pem file:
cat /path/to/star_domain_com.key /path/to/star_domain_com.crt > /path/to/star_domain_com.pem
Copy the files star_domain_com.pem and ca.crt to your zarafa server.
Now we will modify the ssl settings in the server.cfg:
server_ssl_enabled = yes server_ssl_port = 237 server_ssl_key_file = /path/to/star_domain_com.pem server_ssl_key_pass = server_ssl_ca_file = /path/to/ca.crt
Restart zarafa-server and your are done. Now you can start up outlook and connect to zarafa-server over SSL, and you should not get any popups (assuming you connect to the correct domainname).
